No one can deny that identity theft has been on the rise over the last few years, but the actual numbers are staggering. According to the SA Fraud Prevention Service, cases of identity theft have risen 200 percent over the last six years.
“Identity fraud has grown to include theft of cell and landline phone services; cable and satellite television services; power, water, gas, and electricity; Internet and data services; medical insurance; home mortgages and rental housing car financing and other forms of financing and loans as well as government benefits,” Manie van Schalkwyk of the SAFPS told the Boksburg Advertiser.
In the United States, van Schalkwyk notes, there are an average of 15 million cases of identity theft every year, with an estimated person cost of $3,500 to individuals affected by this fraud. And corporate actions following breaches aren’t doing much to improve security or strengthen consumer trust.
Identity Theft Leaves Lasting Damage
According to CSO, Target’s data breach settlement earlier this year sets a particularly “low bar” for security standards. Many believe that the company’s settlement while outlining some security improvements, doesn’t address the real problem behind Target’s 2013 breach – inadequate response. When Target detected the data breach that resulted in personal data for 70 million customers being stolen, they didn’t do enough to understand the significance of the breach and therefore did not act on it quickly enough to reduce the size or scope of the attack.
One security industry leader described the terms of the settlement as “yesterday’s security paradigm,” ill-representative of a modern security response. Illinois Attorney General Lisa Madigan stated that “[The] settlement with Target establishes industry standards for companies that process payment cards and maintain secure information about their customers,” but, as CSO notes, such a standard should be a bare minimum, not what companies should aspire to. In some cases, some affected by the Target breach still haven’t recovered financially.
Taking a New Approach to Privacy
In order to really tackle the identity theft epidemic sweeping the globe, we need to change how we approach security as a whole. Nine times out of 10, a data breach can be traced back to user error: Someone not following password best practices, falling for social engineering, or even selling their credentials. The best way to improve security then, it seems, is to take the responsibility off of end users by changing what we use to authenticate them.
One way to accomplish this is to replace passwords and tokens with biometric authentication. Biometrics eliminate the end user’s ability to bypass best practices, utilizing a highly-secure authentication method that’s still convenient for them. When paired with additional authentication factors, this approach will enhance security and help companies reduce their overall risk.
Data breaches are a plague, but there are steps we can take to overcome them. Replacing antiquated security practices is just one piece of the puzzle, but it’s an important one.